Merge pull request #74 from bci-oss/feature/autogenerate-postgres-pw
Include logic to generate the postgres password if it is not set via values.yml
tunacicek authored Jan 22, 2024
2 parents 4c8319d + 5772d31 commit 66ced2b
Showing 6 changed files with 87 additions and 20 deletions.
11 changes: 8 additions & 3 deletions .github/workflows/helm-test.yml
@@ -1,5 +1,5 @@
# Copyright (c) 2023 Robert Bosch Manufacturing Solutions GmbH
# Copyright (c) 2023 Contributors to the Eclipse Foundation
# Copyright (c) 2024 Robert Bosch Manufacturing Solutions GmbH
# Copyright (c) 2024 Contributors to the Eclipse Foundation

# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
@@ -79,11 +79,16 @@ jobs:
run: ct install --charts charts/bpndiscovery --config charts/chart-testing-config.yaml
if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'

- name: Generate random password (This password is only a placeholder for the next step and will not used). The postgresPassword/password will be set via postgres-init.yaml.
id: generate-password
run: |
echo "PASSWORD=PLACEHOLDER_PW" >> $GITHUB_ENV
- name: Run helm upgrade
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
helm install bpndiscovery tractusx-dev/bpndiscovery --version ${{ github.event.inputs.upgrade_from || '0.1.13' }}
helm dependency update charts/bpndiscovery
helm upgrade bpndiscovery charts/bpndiscovery
helm upgrade bpndiscovery charts/bpndiscovery --set global.postgresql.auth.postgresPassword=$PASSWORD --set global.postgresql.auth.password=$PASSWORD
if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
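Review bot: The step named `Generate random password …` writes the fixed literal `PLACEHOLDER_PW` to `$GITHUB_ENV`, so the name promises something the step does not do; a short name such as `Set placeholder postgres password`, with the explanation moved into a `#` comment above the step, would be accurate and easier to read in the Actions log. In the `helm upgrade` line the variable is expanded unquoted; `--set global.postgresql.auth.postgresPassword="$PASSWORD"` (and the same for `auth.password`) is the safer form should the value ever contain shell metacharacters. Whether the placeholder is really ignored depends on the subchart reading its credentials from `postgresql.auth.existingSecret`, which this hunk does not show, so it is worth having the test confirm that the database rejects `PLACEHOLDER_PW`.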
6 changes: 3 additions & 3 deletions charts/bpndiscovery/Chart.yaml
@@ -1,5 +1,5 @@
# Copyright (c) 2023 Robert Bosch Manufacturing Solutions GmbH
# Copyright (c) 2023 Contributors to the Eclipse Foundation
# Copyright (c) 2024 Robert Bosch Manufacturing Solutions GmbH
# Copyright (c) 2024 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
@@ -24,7 +24,7 @@ sources:
- https://github.com/eclipse-tractusx/sldt-bpn-discovery

type: application
version: 0.1.16
version: 0.1.17
appVersion: 0.2.8

dependencies:
6 changes: 4 additions & 2 deletions charts/bpndiscovery/templates/deployment.yaml
@@ -1,5 +1,5 @@
# Copyright (c) 2023 Robert Bosch Manufacturing Solutions GmbH
# Copyright (c) 2023 Contributors to the Eclipse Foundation
# Copyright (c) 2024 Robert Bosch Manufacturing Solutions GmbH
# Copyright (c) 2024 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
@@ -66,6 +66,8 @@ spec:
envFrom:
- secretRef:
name: {{ $sec_name }}
- secretRef:
name: {{ .Values.postgresql.auth.existingSecret }}
resources:
{{ .Values.bpndiscovery.resources | toYaml | indent 12 }}
imagePullSecrets:
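Review bot: The added `secretRef` to `{{ .Values.postgresql.auth.existingSecret }}` is, as far as this hunk shows, rendered unconditionally, while postgres-init.yaml creates that Secret only under `{{- if .Values.enablePostgres }}`. With an external database the pod would then reference a Secret the chart never creates and fail to start, or, if a Secret of that name is left over in the namespace, its `SPRING_DATASOURCE_*` keys would override the ones from `{{ $sec_name }}` because later `envFrom` sources win on duplicate keys. Guarding the two added lines with `{{- if .Values.enablePostgres }}` and `{{- end }}` keeps the reference in step with the Secret. The container spec starts and ends outside the hunk, so an existing guard further out cannot be ruled out.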
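--- /dev/null
+++ b/charts/bpndiscovery/templates/postgres-init.yaml
@@ -0,0 +1,60 @@
+# Copyright (c) 2024 Robert Bosch Manufacturing Solutions GmbH
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+{{- if .Values.enablePostgres }}
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.postgresql.auth.existingSecret }}
+namespace: {{ .Release.Namespace }}
+annotations:
+"helm.sh/hook": pre-install, pre-upgrade
+type: Opaque
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.auth.existingSecret) }}
+{{- $defaultSecret := (lookup "v1" "Secret" .Release.Namespace ( printf "%s-postgresql" .Release.Name )) }}
+# 1. Check if given secret exists
+{{ if $secret -}}
+data:
+{{- $postgresPassword:= ( .Values.postgresql.auth.password | b64enc) | default ( index $secret.data "postgres-password" ) | quote }}
+postgres-password: {{ $postgresPassword }}
+{{- $password:= ( .Values.postgresql.auth.password | b64enc) | default ( index $secret.data "password" ) | quote }}
+password: {{ $password }}
+SPRING_DATASOURCE_PASSWORD: {{ $password }}
+SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database | b64enc }}
+SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username | b64enc }}
+# 2. Check if default postgresql secret (Release.Name-postgresql) exists
+{{ else if $defaultSecret -}}
+data:
+{{- $postgresPassword:= ( .Values.postgresql.auth.password | b64enc) | default ( index $defaultSecret.data "postgres-password" ) | quote }}
+postgres-password: {{ $postgresPassword }}
+{{- $password:= ( .Values.postgresql.auth.password | b64enc) | default ( index $defaultSecret.data "password" ) | quote }}
+password: {{ $password }}
+SPRING_DATASOURCE_PASSWORD: {{ $password }}
+SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database | b64enc }}
+SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username | b64enc }}
+{{ else -}}
+# 3. If no secret exists, use provided value from values file or generate a random one if secret not exists.
+stringData:
+{{- $password:= .Values.postgresql.auth.password | default ( randAlphaNum 32 ) | quote }}
+postgres-password: {{ $password }}
+password: {{ $password }}
+SPRING_DATASOURCE_PASSWORD: {{ $password }}
+SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database }}
+SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username }}
+{{ end }}
+{{- end -}}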
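Review bot: The superuser key `postgres-password` is filled from the application user's password in all three branches: branches 1 and 2 build `$postgresPassword` from `.Values.postgresql.auth.password`, and branch 3 writes one `$password` to both keys. A fresh install therefore gives the application account and the `postgres` superuser the same credential, so a leak of the datasource password is also a leak of the admin password. A separate value keeps them apart, for example in branch 3 `{{- $postgresPassword := .Values.postgresql.auth.postgresPassword | default ( randAlphaNum 32 ) | quote }}` followed by `postgres-password: {{ $postgresPassword }}`, with the same key used as the override in branches 1 and 2. The file would also benefit from a comment noting that `lookup` returns an empty result under `helm template` and a client-side `--dry-run`, so those renderings always take branch 3 and emit a new random password.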
11 changes: 4 additions & 7 deletions charts/bpndiscovery/templates/secret.yaml
@@ -1,5 +1,5 @@
# Copyright (c) 2023 Robert Bosch Manufacturing Solutions GmbH
# Copyright (c) 2023 Contributors to the Eclipse Foundation
# Copyright (c) 2024 Robert Bosch Manufacturing Solutions GmbH
# Copyright (c) 2024 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
@@ -25,11 +25,8 @@ metadata:
name: {{ $sec_name }}
type: Opaque
data:
{{- if .Values.enablePostgres }}
SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database | b64enc }}
SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username | b64enc }}
SPRING_DATASOURCE_PASSWORD: {{ .Values.postgresql.auth.password | b64enc }}
{{- else }}
# If postgres enabled the environment values will be used from postgres-init.yaml
{{- if not .Values.enablePostgres }}
SPRING_DATASOURCE_URL: {{ .Values.bpndiscovery.dataSource.url | b64enc }}
SPRING_DATASOURCE_USERNAME: {{ .Values.bpndiscovery.dataSource.user | b64enc }}
SPRING_DATASOURCE_PASSWORD: {{ .Values.bpndiscovery.dataSource.password | b64enc }}
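Review bot: The remaining `{{- if not .Values.enablePostgres }}` branch pipes `.Values.bpndiscovery.dataSource.user` and `.password` straight into `b64enc`, and the values.yaml change in this commit leaves both defaults empty. With an external database and no credentials supplied, rendering most likely stops on a type error from `b64enc` that does not name the missing value. Wrapping the value in `required` gives an explicit message, e.g. `SPRING_DATASOURCE_PASSWORD: {{ required "bpndiscovery.dataSource.password must be set when enablePostgres is false" .Values.bpndiscovery.dataSource.password | b64enc }}`. The `data:` mapping continues past the end of the hunk.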
13 changes: 8 additions & 5 deletions charts/bpndiscovery/values.yaml
@@ -1,5 +1,5 @@
# Copyright (c) 2023 Robert Bosch Manufacturing Solutions GmbH
# Copyright (c) 2023 Contributors to the Eclipse Foundation
# Copyright (c) 2024 Robert Bosch Manufacturing Solutions GmbH
# Copyright (c) 2024 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
@@ -60,8 +60,8 @@ bpndiscovery:
## The url, user, and password parameter will be ignored if 'enablePostgres' is set to true.
## In that case the postgresql auth parameters are used.
url: jdbc:postgresql://database:5432
user: user
password: password
user:
password:
ingress:
enabled: false
tls: false
@@ -86,5 +86,8 @@ postgresql:
postgresql: 5432
auth:
username: catenax
password: password
# if password is empty, the postgres password will be generated random via postgres-init
password:
database: bpndiscovery
# -- Secret contains passwords for username postgres.
existingSecret: secret-postgres-init
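Review bot: The default `existingSecret: secret-postgres-init` is a fixed name that postgres-init.yaml both looks up and creates, so two releases of this chart in one namespace would resolve to the same Secret. The second install would then appear to take the "secret exists" branch, reuse the first release's passwords and rewrite `SPRING_DATASOURCE_URL` to its own host. The comment on the key should say so, for instance `# -- Name of the Secret holding the postgres passwords; must be unique per namespace because postgres-init creates and reuses it.` Separately, the bare `user:` and `password:` keys parse as null; writing `password: ""` keeps the type a string and makes the "empty means generate" intent explicit.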
